Networking
為什麼nginx只提供http地址?
雖然我是 nginx 的新手,但幾乎一切似乎都執行良好。唯一的問題是,當我嘗試使用 https:// 地址訪問地址時,載入需要 30-60 秒,但在鍵入 http:// 時只需幾秒鐘即可重定向和載入 https://。
我確定這與我的 nginx conf 文件有關,但看不出問題出在哪裡,希望能有一些新鮮的眼光。引用我的 ssl 上下文時是否有問題?
upstream custodian { # The web application. server custodian:8000; server { listen 80; server_name custodian.fund www.custodian.fund; root /var/www/letsencrypt; location /.well-known/acme-challenge/ { default_type "text/plain"; try_files $uri =404; } location / { return 301 https://custodian.fund$request_uri; } } server { listen 443 ssl; server_name custodian.fund; # Static asset path, which is read from the custodian container's VOLUME. root /custodian/static; # Ensure timeouts are equal across browsers and raise the max content-length size. keepalive_timeout 60; client_max_body_size 5m; # SSL goodness. ssl on; ssl_certificate /etc/ssl/private/custodian.fund.pem; ssl_certificate_key /etc/ssl/custodian.fund.key; ssl_trusted_certificate /etc/ssl/private/custodian.fund.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; ssl_dhparam /etc/ssl/dhparam.pem; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:50m; ssl_session_timeout 5m; ssl_stapling on; ssl_stapling_verify on; resolver 8.8.8.8; resolver_timeout 5s; add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;"; # ssl_certificate /etc/ssl/certs/productionexample.crt; # ssl_certificate_key /etc/ssl/private/productionexample.key; # Disallow access to hidden files and directories. location ~ /\. { return 404; access_log off; log_not_found off; } # Allow optionally writing an index.html file to take precedence over the upstream. try_files $uri $uri/index.html $uri.html @custodian; # Attempt to load the favicon or fall back to status code 204. location = /favicon.ico { try_files /favicon.ico = 204; access_log off; log_not_found off; } # Load the web app back end with proper headers. location @custodian { proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host;
問題出在您的 DNS 中。您已經為您的主機名 custodian.fund 配置了四個完全不同的 IP 地址,但其中只有一個是您的站點實際託管的位置。
custodian.fund has address 107.161.23.204 custodian.fund has address 128.199.121.161 custodian.fund has address 209.141.38.71 custodian.fund has address 192.161.187.200
其他三個地址無法連接,因為它們中的任何一個都沒有。
要解決此問題,請從您的 DNS 記錄中刪除三個不正確的條目。